SpamAssassin

SpamAssassin, a popular Spam filtering tool written using Perl, is reported
to be vulnerable to a denial of service attack that could cause the server
it is running on to become unresponsive. The vulnerability is caused by a bugs
in the code that parses email headers. Certain specific headers can cause SpamAssassin
to consume a large amount of processor time. Versions 3.0.1, 3.0.2, and 3.0.3
are reported to be vulnerable.

The Apache SpamAssassin Security Team strongly encourages all users to upgrade
to version 3.0.4 as soon as possible.

PHP PEAR

A bug in the XML_RPC portion of PEAR (PHP Extension and Application Repository)
may under some circumstances be exploitable by a remote attacker to execute
arbitrary code. PEAR is a large collection of packages for PHP development.
XML_RPC provides code to allow remote procedure calls using XML.

Users should watch their vendor for an updated version.

Bugzilla

Bugzilla is an online web based bug tracking system. Several bugs in Bugzilla
can be exploited to gain unauthorized access to information on bugs that have
been marked private or hidden.

All administrators of Bugzilla should upgrade to 2.18.2.

Heimdal / Kerberos telnetd

A report from SUSE states that the Heimdal / Kerberos telnetd daemon is vulnerable
to a remotely exploitable buffer overflow that can result in arbitrary code
being executed as root. The report also states that this version of the telnet
daemon is not installed by default.

Affected users should upgrade to a repaired version as soon as possible.

Vipul's Razor

Vipul's Razor is a spam detection and filtering application that uses a distributed
and collaborative catalog to detect spam. A bug in the way that Vipul's Razor
handles email headers can be abused by a remote attacker to crash the application.

Anyone using Vipul's Razor should upgrade to version 2.70 or newer or watch
for their vendor to released a repaired package.

TikiWiki

TikiWiki, a implementation of Wiki software written using PHP, is reported
to be vulnerable under some conditions to a bug that a remote attacker can
abuse to execute arbitrary code. The report states that the vulnerability is
due to the use of the XML_RPC code from the PEAR library.

All administrators of servers running TikiWiki should upgrade to version 1.8.5
or 1.9 DR4 as soon as possible.

poppassd_pam

The poppassd_pam daemon was created to allow remote POP mail users to change
their password. However a flaw in poppassd_pam will allow a remote attacker
to change any password on the system including root's. poppassd_pam fails to
verify that the old user password is valid before it resets the password to
the new value.

All users of poppassd_pam should disable it until it has been repaired or
replaced. Gentoo Linux has released a replacement daemon named poppassd_ceti.

zlib

The zlib compression library is reported to be vulnerable to a buffer overflow.
Exploiting the overflow results in applications linked against the library
to crash and could also result in arbitrary code being executed with the permissions
of the user account running the application. More than a hundred applications
are linked against the zlib library.

Users should watch their vendor for a repaired zlib library.

FUSE

FUSE implements a fully functional filesystem in an application that runs
in user space. A problem in FUSE has been reported that could under some conditions
allow a local attacker to read pages of memory that they should not be able
to access.

Affected users should upgrade to version 2.3.0 or newer of FUSE.

Solaris Kernel Bug

A bug in Sun's Solaris kernel has been reported that can be exploited to bind
to another user's (including root) network port. Once the attacker has control
over the port they could emulate authorized services and gather information
such as login names and passwords. The attack does not work against privileged
ports (normally ports below 1024). An application to automate the exploitation
of this bug has been released to the public.

Users should install patch number 116965-08 available from Sunsolve. One possible
workaround is to use the ndd command to add additional ports above 1024 as
privileged ports.

HT Editor

HT Editor is a viewer and editor for executables. Buffer overflows in the
PE parser and the ELF parser have been reported. These buffer overflows may
be exploitable by an attacker who prepares a carefully crafted executable that
they then convince the victim to view or edit with the HT Editor.

Any user of HT Editor should upgrade to version 0.9.1 or newer.

GNATS

GNATS is a problem reporting and management system released by the GNU organization.
Under some conditions a local attacker can abuse the gen-index command to overwrite
arbitrary files on the system. In many cases the attacker will be able to use
root permissions. GNATS versions 4.1.0 and 4.0 are reported to be vulnerable.
It is not known if earlier versions are also vulnerable.

Affected users should watch for a repaired version of GNATS.

JBoss jBPM

JBoss jBPM (Java Business Process Management), a workflow management system,
is reported to be vulnerable to a bug in the hsqldb service that can be exploited
remotely to execute arbitrary code on the server.

Trustix Secure Linux

The maintainers of Trustix Secure Linux have announced that releases number
1.5 and 2.1 have reached their end of life and that future patches and updates
are not planned. All users of Trustix Secure Linux are encouraged to upgrade
to version 2.2 as soon as possible.

Trac

Trac is a wiki designed to help track issues in a software development project
that also connects to the Subversion revision control system. A problem in
the code that controls file uploads and downloads can be exploited by a remote
attacker to execute arbitrary code with the permissions of the web server.